Special report: The cyberwar threat from North Korea

Fox News

By Kelley Beaucar Vlahos
North Korea’s effort to build a cyberarmy that can conduct a string of attacks on neighboring states has experts asking some key questions:

Is Pyongyang gearing up for a cyberassault on the United States?

Does it have the capability?

“They do have the capability, obviously,” says Alexandre Mansourov, a visiting scholar at the U.S.-Korea Institute at the Johns Hopkins School of Advanced International Studies. “But I don’t think they have the intention.”

But not everyone is so unsure. Like the Cold War in the 1950s and ’60s, cyberwarfare is becoming an arms race. Many nations, including the United States, are building up their offensive and defensive capabilities amid an increase of espionage and a proliferation of attacks on public and private computer networks.

Experts say the number of attacks on South Korea over the last five years looks more like a coordinated war than the work of random hackers. This has some officials in the U.S. girding for a broader fight.

“We should never underestimate Pyongyang's willingness to engage in dangerous and provocative behavior to extract more aid and concessions from the international community,” Rep. Mike Rogers (R-Mich.), chairman of the House Select Committee on Intelligence, said in a statement to FoxNews.com.

'They are saying quite publicly they have several thousand men and women working on a daily basis on cyber.'

- Jarno Limnéll, director of cybersecurity at Stonesoft Corp.

“North Korea is certainly not the most capable nation-state threat actor today, but even relatively minor cyberplayers can sometimes find vulnerabilities in complicated civilian architectures and cause significant disruptions."

While no one knows exactly what North Korea has up its sleeve, a number of hackers who have defected, as well as the increasingly sophisticated attacks on South Korea, suggest that its leader, Kim Jong-un, isn’t limiting his muscle-flexing to nuclear tests in the Pacific.

A history of cyber-violence
According to reports beginning in 2010, North Korea has been training thousands of top computer science students to be sophisticated cyberwarriors. Some experts, like Professor Lee Dong-hoon of the Korea University Graduate School of Information Security, estimate that Pyongyang has been pouring money into cyberwarfare since the 1980s.

The proof is in the attacks, of course, though it is difficult to pin down the responsible parties:

• A wave of “distributed denial of service (DDoS)” attacks in 2009 struck both U.S. government and South Korean websites. A virus launched from unknown sources (South Korean officials accused Pyongyang) through a series of “zombie” computers sent waves of Internet traffic to a number of websites in the two countries. The U.S. Treasury and Federal Trade Commission sites were shut down for a weekend, but the action crippled a number of government sites and media outlets in South Korea.
• A DDoS attack on South Korean banks in March 2011 left 30 million people without ATM access for days. At the time, Dmitri Alperovitch, vice president of threat research for McAfee Labs, said the attacks had the mark of a North Korean “cyberwar drill” and theorized that Pyongyang had built an army of zombie computers, or “botnets,” to unleash malicious software. He guessed that the 2009 attack had been a similar operation.
• An attack in March 2013 was the biggest one yet, infecting and wiping clean the critical master boot records of 48,000 computers and servers associated with South Korean banks and media outlets, using their own networks. Experts traced the “cyberweapon” back through more than 1,000 IP addresses used on different continents, but South Korean officials accused North Korea of directing the attack. Systems were crippled for days.

Gen. James Thurman, commander of U.S. forces in South Korea, told Congress in 2012 that "the newest addition to the North Korean asymmetric arsenal is a growing cyberwarfare capability,” in which North Korea “employs sophisticated computer hackers trained to launch cyberinfiltration and cyberattacks" against South Korea and the U.S.

Observers say the alleged North Korean attacks are launched from servers all over the world in order to avoid detection. 

“It’s all untraceable,” Mansourov said. “But there is a presumption of guilt -- I think it's a valid presumption.”

Jarno Limnéll, director of cybersecurity at Finland-based Stonesoft Corp. (part of the McAfee cybersecurity company), said that while it is “hard to know what cyber-capabilities your enemies or even your friends have, [this is] something [North Korea] has taken very seriously … and what they are saying quite publicly is they have several thousand men and women working on a daily basis on cyber. They want to give a very clear impression that they are a strong player in this field.”

Accusations fly worldwide
For its part, Pyongyang has accused South Korea and the U.S. of launching similar attacks against North Korea. Last March, around the time of the attacks on banks and broadcasters in Seoul, North Korean offices said an online attack took down the servers at Loxley Pacific Co., the broadband provider for the North.

Mansourov said there is a “Cold War situation going on,” a tit-for-tat between the North and South. And it’s not limited to the Korean Peninsula:

China has accused the U.S. of cybersnooping, and the U.S. has accused China not only of spying, but of launching expensive cyberattacks against public and private networks in the U.S.

Meanwhile, Israel and the U.S. were widely fingered for launching the Stuxnet virus that crippled Iran's nuclear program in 2010.

“It’s effectively an arms race,” said C. Matthew Curtin, founder of the computer security consulting firm Interhack and author of  Brute Force: Cracking the Data Encryption Standard.

“We need to assume that hostile nation states -- even non-state actors like al Qaeda -- have offensive cyber-capabilities, and we need to be in a position to render their capabilities moot."

He said the best way to confront cyberthreats is to secure domestic networks and force other countries to spend more money to get to us. “Then it becomes like the [Cold War-era] Soviet Union, where they will eventually have nothing left to spend,” he said.

Rogers still hopes to see the Cyber Intelligence Sharing and Protection Act (CISPA), which the House passed in April,  succeed in the Senate and be signed into law by President Obama. It would allow greater information sharing between the government and private companies to prevent and respond to cyberattacks. But critics say it will give the government greater ability to monitor citizens’ Internet communications.

“It’s not a black-and-white issue,” said Curtin, who noted that “nothing is free” and that breaking down these “barriers” of information will require ordinary citizens to give up some privacy.

But the threat is real, he said, whether it comes from North Korea or Iran.

"If someone was trying to shut down our power grid when there is a huge polar vortex blowing through the country, that would have a serious impact on us,” he said.